Question on best way to partially disable users
- To: openldap-technical@openldap.org
- Subject: Question on best way to partially disable users
- From: Ski Kacoroski <ckacoroski@nsd.org>
- Date: Fri, 02 Sep 2011 12:38:06 -0700
- Organization: Northshore School District
- User-agent: Mozilla/5.0 (X11; Linux i686 on x86_64; rv:6.0.1) Gecko/20110830 Thunderbird/6.0.1
Hi,
I have an openldap server that several applications use for
authentication. What we need to do is when a person is disabled, we need
to disable access for that user for all applications but one
(employeeonline). My first thought was simply to move the disabled
person to a different OU (e.g. ou=eoonly,dc=... instead of
ou=people,dc=...). The problem I am running into is that employeeonline
is windows/vbscript that uses SASL to bind which means that I cannot
just move the user to a different OU as they are always coming in as
sasl-realm OL.NSD.ORG. Does anyone have a good trick for how to do
this? So far all I have come up with is:
1. Bind as an admin user and then check the user's password instead of
binding as the user.
2. Figure out some way for vbscript to bind as a different SASL realm.
Thanks in advance for your advice.
cheers,
ski
--
"When we try to pick out anything by itself, we find it
connected to the entire universe" John Muir
Chris "Ski" Kacoroski, Unix Admin, NSD
206-501-9803, ski98033 on IRC and most IM services